This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/3w7QKsP-nBdjzBOchAjI61TTv2M.roa
File:                     3w7QKsP-nBdjzBOchAjI61TTv2M.roa (raw, json)
Hash identifier:          QyB/DzhD3cYZvTNAg8B4G4w4oEF1E2vw8LoHS76oVRY=
Subject key identifier:   DF:0E:D0:2A:C3:FE:9C:17:63:CC:13:9C:84:08:C8:EB:54:D3:BF:63
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       019B7C7EF831A577B65315EB5EBD6E40CCF1
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/3w7QKsP-nBdjzBOchAjI61TTv2M.roa
Signing time:             Fri 02 Jan 2026 02:17:34 +0000
ROA not before:           Fri 02 Jan 2026 02:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56611
IP address blocks:        193.160.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 26 Jan 2026 07:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:7e:f8:31:a5:77:b6:53:15:eb:5e:bd:6e:40:cc:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Jan  2 02:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df0ed02ac3fe9c1763cc139c8408c8eb54d3bf63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c7:2c:24:bd:29:b6:cb:3a:47:c5:db:6f:6c:
                    a0:e5:5b:b0:b2:42:51:94:2f:2b:b9:38:25:7e:31:
                    4d:58:97:4f:fe:fa:10:69:8b:31:65:a6:b7:18:a9:
                    b3:2f:ec:92:a0:08:23:79:da:45:81:2a:c0:09:4d:
                    b9:41:a0:68:81:d8:df:fa:79:75:aa:76:5e:bd:78:
                    5b:2a:59:91:73:21:01:e1:ca:c0:3f:15:6b:d0:84:
                    b7:f8:33:cc:32:f4:96:1d:ff:ca:b1:0c:89:31:4a:
                    1a:3d:42:15:48:36:e2:c0:67:ba:fd:f2:6d:3a:0c:
                    ac:fd:a1:0b:98:26:95:cd:27:df:15:a5:6b:7b:93:
                    51:6d:e8:b8:9f:8a:7c:5a:1a:98:0c:59:05:25:73:
                    24:cc:81:47:c8:3f:8f:5d:5e:1a:1a:b0:4c:e7:77:
                    a1:a9:97:c3:67:af:c9:d4:f8:46:a0:2b:9e:06:7c:
                    0d:ca:da:89:19:cd:69:ec:6f:fe:99:33:1f:96:6a:
                    ed:27:5d:df:d6:13:82:2e:44:55:de:35:ec:2b:5c:
                    23:bc:2d:3b:7f:cb:4f:3a:ad:ee:23:60:12:e9:09:
                    12:f4:0b:06:14:9b:84:c3:02:bd:79:d7:87:0c:d0:
                    24:90:5d:7b:a2:1d:18:55:c1:fb:56:a9:59:32:c2:
                    73:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:0E:D0:2A:C3:FE:9C:17:63:CC:13:9C:84:08:C8:EB:54:D3:BF:63
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/3w7QKsP-nBdjzBOchAjI61TTv2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:9f:fd:a6:a2:7e:f9:17:62:40:1c:e3:11:b2:e6:85:24:aa:
         f1:36:6b:ba:81:33:02:7c:f5:5d:a2:46:4f:8c:44:53:88:ba:
         4b:aa:b1:0f:c7:1d:62:f9:3f:a0:f1:bc:d6:ba:c9:04:78:c8:
         35:1b:6b:f8:54:e3:80:d4:3c:ba:b7:30:33:ce:2a:6f:c1:b8:
         95:c9:53:76:77:12:31:4a:e9:4a:7d:b1:45:f4:01:2a:a6:e6:
         d7:6d:b5:a9:c2:3b:84:5f:fe:e5:90:04:34:83:3a:f6:ca:86:
         a0:24:ff:7d:75:35:2b:9e:95:0b:4e:fb:06:86:52:8a:8e:70:
         22:46:93:18:6d:32:9f:98:12:a8:2a:4b:cf:9e:d2:ec:ac:d1:
         79:43:bc:24:48:ce:59:d9:14:1a:a3:30:71:c2:a7:17:a2:7b:
         92:01:50:1d:0e:d8:84:87:8f:d3:29:2c:93:6b:58:69:ba:2f:
         eb:0f:06:67:e6:71:16:b0:a2:f4:a4:2e:ee:cd:3f:c7:a7:ee:
         8c:9d:69:48:95:eb:d6:ff:47:e3:54:9f:5e:c6:93:b7:71:50:
         83:60:10:91:c0:49:fb:3b:bc:a1:38:c5:f3:97:13:ef:8d:a4:
         af:85:63:e0:f1:56:96:bf:e9:ee:a6:67:78:dc:3b:34:29:77:
         ee:b9:b4:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt8fvgxpXe2UxXrXr1uQMzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjYwMTAyMDIxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjBlZDAyYWMzZmU5YzE3NjNjYzEzOWM4NDA4YzhlYjU0ZDNiZjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuscsJL0ptss6R8Xbb2yg5VuwskJR
lC8ruTglfjFNWJdP/voQaYsxZaa3GKmzL+ySoAgjedpFgSrACU25QaBogdjf+nl1
qnZevXhbKlmRcyEB4crAPxVr0IS3+DPMMvSWHf/KsQyJMUoaPUIVSDbiwGe6/fJt
Ogys/aELmCaVzSffFaVre5NRbei4n4p8WhqYDFkFJXMkzIFHyD+PXV4aGrBM53eh
qZfDZ6/J1PhGoCueBnwNytqJGc1p7G/+mTMflmrtJ13f1hOCLkRV3jXsK1wjvC07
f8tPOq3uI2AS6QkS9AsGFJuEwwK9edeHDNAkkF17oh0YVcH7VqlZMsJz8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN8O0CrD/pwXY8wTnIQIyOtU079jMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvM3c3UUtzUC1uQmRqekJPY2hBakk2MVRUdjJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaBgMA0G
CSqGSIb3DQEBCwUAA4IBAQA+n/2mon75F2JAHOMRsuaFJKrxNmu6gTMCfPVdokZP
jERTiLpLqrEPxx1i+T+g8bzWuskEeMg1G2v4VOOA1Dy6tzAzzipvwbiVyVN2dxIx
SulKfbFF9AEqpubXbbWpwjuEX/7lkAQ0gzr2yoagJP99dTUrnpULTvsGhlKKjnAi
RpMYbTKfmBKoKkvPntLsrNF5Q7wkSM5Z2RQaozBxwqcXonuSAVAdDtiEh4/TKSyT
a1hpui/rDwZn5nEWsKL0pC7uzT/Hp+6MnWlIlevW/0fjVJ9expO3cVCDYBCRwEn7
O7yhOMXzlxPvjaSvhWPg8VaWv+nupmd43Ds0KXfuubRv
-----END CERTIFICATE-----